<?php

// Refuse direct requests to this file: IN_IA is presumably defined by the framework entry point.
if (!defined('IN_IA')) {
    exit('Access Denied');
}

// Table that every action below reads from or writes to.
$table = 'sms_grant';

// Allow-list of actions: the keys of whatever getOperate() returns.
$dos = array_keys(getOperate());

// $do is not assigned earlier in this file; presumably the framework router sets it (confirm).
// A missing or unlisted action falls back to 'list'.
// NOTE(review): in_array() compares loosely here; a strict comparison would be
// safer for an allow-list if getOperate() is keyed by strings (confirm).
if (empty($_GPC['do']) || !in_array($do, $dos)) {
    $do = 'list';
}


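if ($do == 'list') {
    // Result of getBizStatus(); not read in this branch, presumably consumed by the template.
    $status = getBizStatus();
    $_W['page']['title'] = '管理拨款凭证信息 - 拨款凭证信息列表';

    // The search terms come from the request, so they are bound as query
    // parameters rather than interpolated into the SQL text (SQL injection).
    $condition = '';
    $params = array();

    // Callers without the 'audit' right only see the rows they created.
    // NOTE(review): the 4th argument (false) presumably makes checkModuleRight()
    // return a boolean instead of aborting the request; confirm.
    if (!checkModuleRight($user, 'grant', 'audit', false)) {
        $condition = ' AND createid = :createid';
        $params[':createid'] = $_W['uid'];
    }

    // Free-text filter on the message content. Non-scalar input (e.g. keyword[]=x)
    // is treated as "no filter" instead of being passed to trim().
    $key = isset($_GPC['keyword']) && is_scalar($_GPC['keyword']) ? trim((string) $_GPC['keyword']) : '';
    if (!empty($key)) {
        // As before, '%' and '_' typed by the user still act as LIKE wildcards.
        $condition .= ' AND content LIKE :keyword';
        $params[':keyword'] = '%' . $key . '%';
        $_GET['keyword'] = $key;
    }

    // Company filter: matches either side of the payment.
    $key = isset($_GPC['company']) && is_scalar($_GPC['company']) ? trim((string) $_GPC['company']) : '';
    if (!empty($key)) {
        // Two placeholders on purpose: a named placeholder cannot be reused
        // within one statement when native prepared statements are in use.
        $condition .= ' AND (payer LIKE :payer OR payee LIKE :payee)';
        $params[':payer'] = '%' . $key . '%';
        $params[':payee'] = '%' . $key . '%';
        // NOTE(review): this stores the company term under 'keyword', not
        // 'company'. It looks like a copy-paste slip; confirm what pagination()
        // reads from $_GET before changing it.
        $_GET['keyword'] = $key;
    }

    if (isset($_GPC['searchtype']) && ($_GPC['searchtype'] != '')) {
        // intval() keeps the status filter numeric before it enters the SQL text.
        // NOTE(review): an explicit searchtype replaces the "status < DELETED"
        // filter, so soft-deleted rows can be listed by passing their status
        // value. Confirm this is intended.
        $key = intval($_GPC['searchtype']);
        $condition = ' WHERE status = ' . $key . $condition;
        $_GET['searchtype'] = $key;
    } else {
        // Default view hides soft-deleted rows.
        $condition = ' WHERE status <' . DELETED . $condition;
    }

    // Pagination: the page number is clamped to >= 1, with a fixed page size of 10.
    $pindex = max(1, intval($_GPC['page']));
    $psize = 10;
    $offset = ($pindex - 1) * $psize;

    $list = pdo_fetchall(
        'SELECT * FROM ' . tablename($table) . $condition . ' order by createtime desc LIMIT ' . $offset . ',' . $psize,
        $params
    );
    $total = pdo_fetchcolumn('SELECT COUNT(*) FROM ' . tablename($table) . $condition, $params);
    $pager = pagination($total, $pindex, $psize);
    template('sms/grant_list');
} else {
    // Every action other than 'list' first passes the module-level right check for that action.
    checkModuleRight($user, 'grant', $do);
}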
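if ($do == 'add' || $do == 'edit') {
    $url = url('sms/grant/' . $do);
    $_W['page']['title'] = '管理拨款凭证信息 - 增加拨款凭证信息';

    // intval() keeps the id numeric before it is placed in the query text.
    $id = intval($_GPC['id']);

    if (!empty($id)) {
        $row = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE   id = {$id} ");
        // Per-record authorisation for editing.
        // NOTE(review): $row is passed on even when no record matched; confirm
        // that checkRecodeRight() rejects an empty row.
        checkRecodeRight($row, $user, 'edit');
        $selects = empty($row['sendee']) ? array() : json_decode($row['sendee'], true);
    } else {
        // New record: pre-fill the content from the configured template text.
        $row = array('content' => $_W['config']['GRANT_Temp']);
    }

    if (checksubmit('submit')) {
        // NOTE(review): 'creator' and 'createid' are written on edits as well,
        // so an edit by another user would reassign the record to the editor.
        // The list view filters by createid; confirm this is intended.
        // NOTE(review): 'money' and 'thumb' are stored as submitted, with no
        // format or range check; consider validating 'money' as a number.
        $data = array(
            'creator' => $_W['username'],
            'createid' => $_W['uid'],
            'thumb' => $_GPC['thumb'],
            'payer' => trim($_GPC['payer']),
            'payee' => trim($_GPC['payee']),
            'money' => $_GPC['money'],
            'purpose' => trim($_GPC['purpose']),
            'needsend' => intval($_GPC['need_send']),
            'changetime' => TIMESTAMP,
        );
        if ($data['needsend'] == 1) {
            // 'ids' must be a non-empty array. Calling count() on a missing or
            // scalar value raises a TypeError on PHP 8 instead of reaching the
            // intended "add a recipient" message.
            if (!empty($_GPC['ids']) && is_array($_GPC['ids'])) {
                $sendee = getSendeeByIds($_GPC['ids']);
                $data['sendee'] = json_encode($sendee);
                // Build the SMS text for this grant.
                $data['content'] = procGrantContent($data);
            } else {
                // NOTE(review): the code below relies on message() ending the
                // request; otherwise the record would still be saved. Confirm.
                message('请增加短信接收人信息！');
            }
        }
        // Submitting with the 'audit' button moves the record into the audit queue.
        if ($_GPC['submit'] == 'audit') {
            $data['status'] = AUDIT;
        }
        if (empty($id)) {
            $data['createtime'] = TIMESTAMP;
            pdo_insert($table, $data);
        } else {
            // Re-read the row so the status check uses the current stored value.
            $row = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE   id = {$id}");
            if (!empty($row)) {
                if ($row['status'] == PASS) {
                    // Approved records are immutable.
                    message('此数据不允许修改！');
                } else {
                    pdo_update($table, $data, array('id' => $id));
                }
            } else {
                message('无效参数，数据不存在！');
            }
        }
        // NOTE(review): this redirects to 'grant/grant/list' while the rest of
        // the file routes through 'sms/grant/...'; confirm the route is valid.
        message('数据更新成功！', url('grant/grant/list'), 'success');
    }
    load()->func('tpl');
    template('sms/grant_post');
}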
if ($do == 'audit') {
    $_W['page']['title'] = '管理拨款凭证信息 - 审核拨款凭证信息';

    // intval() keeps the id numeric before it is placed in the query text.
    $id = intval($_GPC['id']);
    $row = pdo_fetch('SELECT * FROM ' . tablename($table) . ' WHERE id = ' . $id);

    if (!empty($row)) {
        // Per-record authorisation for the audit operation.
        checkRecodeRight($row, $user, 'audit');
    } else {
        // NOTE(review): everything below relies on message() ending the
        // request; otherwise the update would run against a missing row. Confirm.
        message('数据不存在，无效的参数！');
    }

    if (checksubmit('submit')) {
        // Only the literal 'pass' approves; any other submitted value rejects.
        $status = ($_GPC['submit'] == 'pass') ? PASS : NOPASS;

        // Record the decision together with who made it and when.
        $data = array(
            'status' => $status,
            'auditor' => $_W['username'],
            'auditid' => $_W['uid'],
            'changetime' => TIMESTAMP,
        );
        pdo_update($table, $data, array('id' => $id));

        // NOTE(review): the SMS is queued for both PASS and NOPASS, and the
        // row's current status is not checked first, so auditing the same
        // record again would queue it again. Confirm both are intended.
        if ($row['needsend'] == 1) {
            AddSMSMsg($row, 'grant');
        }
        message('数据更新成功！', url('sms/grant/list'), 'success');
    }

    // Stored recipients (a JSON string in the 'sendee' column) for the audit form.
    if (empty($row['sendee'])) {
        $selects = array();
    } else {
        $selects = json_decode($row['sendee'], true);
    }
    template('sms/grant_audit');
}

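if ($do == 'delete') {
    // Module-level right for deleting.
    // NOTE(review): unlike 'edit' and 'audit', no per-record check
    // (checkRecodeRight) runs here, so any caller holding the module 'delete'
    // right can soft-delete records created by others. Confirm this is intended.
    // NOTE(review): the state change is not gated by checksubmit(), which the
    // add/edit/audit writes use; confirm how this action is protected against
    // forged requests.
    checkModuleRight($user, 'grant', 'delete');
    $id = intval($_GPC['id']);
    if ($id > 0) {
        $row = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE   id = {$id}");
        if (empty($row)) {
            // A missing row previously fell through to the status test on a
            // non-array value and could report a successful delete for an id
            // that does not exist.
            message('无效参数，数据不存在！', url('grant/grant/list'), 'error');
        } elseif (!in_array($row['status'], array(PASS, AUDIT))) {
            // Soft delete: the row is kept and only its status is changed.
            pdo_update($table, array('status' => DELETED, 'changetime' => TIMESTAMP), array('id' => $row['id']));
            message('数据删除成功！', url('grant/grant/list'), 'success');
        } else {
            // Records that are approved or waiting for audit cannot be deleted.
            message('此数据禁止删除！', url('grant/grant/list'), 'error');
        }
    }
}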
if ($do == 'disp') {
    // Result of getBizStatus(); not read in this branch, presumably consumed by the template.
    $status = getBizStatus();
    $id = intval($_GPC['id']);
    if (empty($id)) {
        // No id supplied: show the configured template text only.
        $row = array('content' => $_W['config']['GRANT_Temp']);
    } else {
        $row = pdo_fetch("SELECT * FROM " . tablename($table) . " WHERE   id = {$id} ");
        // NOTE(review): the original comment here read "check whether the
        // caller may operate on this record", but no per-record check follows.
        // Only the module-level check made before this branch applies, so any
        // caller with the 'disp' right can view any record by id. Confirm
        // whether checkRecodeRight() should be called here, as 'edit' and
        // 'audit' do.
        if (empty($row['sendee'])) {
            $selects = array();
        } else {
            $selects = json_decode($row['sendee'], true);
        }
    }
    template('sms/grant_display');
}
